Last year, TransUnion published its UK Fraud and Identity Report 2025. This report highlighted how fraud activity in the UK remains widespread and, concerningly, fraud via mobile smartphones is on the rise. Criminal activity on phones via account takeover was up by 20% in 2025. That means your phone might not just be a target for theft; it could also be the key to unlocking your data, savings, and accounts.
Here’s our guide to keeping your account safe on your phone.
Never click links in texts claiming to be from the government, energy firms, or HMRC
Scammers use malicious links in texts, fake updates, or unofficial apps to gain access. Once they’re in, they can hijack texts, reset passwords, and even change account details without raising suspicion.
Sometimes, scams are easy to spot. Like a random text message telling you you’ve won a competition that you never even entered. They look dodgy, and almost always are. Increasingly, though, scammers are using more sophisticated methods. Posing as reputable companies like energy or utility suppliers, even the government or HMRC, they send text scams to obtain your personal information.
The primary driver of messages like these is fear, which will lead to action. For example, a fraudster might send a text warning that your energy account will be locked, and you need to click a link to update your details. The recipient, worrying about having their power cut off, clicks the link and inadvertently hands over their personal information to a scammer straight away.
The answer?
- Don’t click the link. If you get a text from a company you’re not expecting to hear from, don’t rush in.
- If you’re unsure, then contact the company via their secure channels to check the message’s validity.
- If it’s a scam, they’ll tell you, and you can report it to the National Cyber Security Centre.
Use multi-factor authentication (with something other than SMS if possible)
Multi-factor authentication (sometimes called two-factor authentication or 2FA) is an excellent way of keeping your data safe online. Instead of just something that only you would know, like your password, it also requires information about something that you have. This could be an authentication code sent to you, or a biometric check like a fingerprint or face scan.
Your phone is a very convenient tool for multi-factor authentication, but it can also be a risky one. This is especially true when 2FA uses text messages to share codes or password links. If your phone is stolen, it’s easy for a scammer to obtain a 2FA code or, indeed, access your email for a password reset link.
Here are a few recommendations for safer 2FA:
- Try not to use your phone both to log in and for 2FA. Use a separate computer or tablet if you can.
- Use authenticator apps. Many leading platforms, like Google and Microsoft, have built secure apps to keep your data safe via 2FA.
- If you rely heavily on your phone, then consider adding an extra layer of security through your network, such as a SIM card PIN.
Keep your phone updated and only install apps from official stores
Keeping the software on your phone up to date doesn’t just get you the latest features. Up-to-date software is instrumental in fixing bugs and security holes on your phone that criminals can exploit. Outdated software makes it easier for scammers to use malware, which is software designed to gain unauthorised access to a system. Fraudsters are known to target outdated phones, as it’s easier to spy on activity, access one-time passwords, and even control certain apps on your phone.
Where you purchase apps from makes a difference, too. Official app stores, like the Apple App Store and Google Play Store, act as security gatekeepers. They automatically scan apps for malware and remove any suspicious apps from the platform altogether.
Here’s how regular software updates and using official app stores will help you:
- It fixes bugs, blocks malware and prevents data theft the moment they’re discovered
- It actively improves security through things like better encryption or biometric checks
- They also vet app developers for security, and enforce rules on the use of data, contacts and photos in an app.
Set alerts on all your bank accounts to flag changes
All banks and building societies have security features built into to their accounts which work hard to keep your data safe. Security alerts are a great way of notifying you of any suspicious activity on your account.
You can usually set alerts for:
- Failed login attempts, to help you see if someone is trying to gain access
- Potential fraud alerts, such as unusual login activity on your accounts
- New transactions, such as a new recipient for transfers or withdrawals.
- High-value transactions or those over a specified value
Although they can’t always prevent something from happening, alerts will give you the best chance to fix an issue before it gets out of control. It’s a good idea to choose more than one way of being notified. Push notifications to your phone, combined with SMS and email alerts will cover all the bases, so you’re more likely to get the alert in good time.
Follow us for more
At GMB Credit Union, our members’ security is a top priority, and we are independently rigorously assessed and certified annually by Cyber Essentials.
We would also recommend that our members use our Nivo App for encrypted bank standard instant messaging in preference to email. The Nivo app is secure enough for you to share personal information and discuss your finances and transactions. You can also use it to send us photos of sensitive documents (payslips and bank statements), complete identity checks..
Cyber risks are always evolving so you can keep online by following us on Facebook, Instagram and YouTube.